I think you are referring to me...so I will sign off with one remark
if you have a bios flash file....and can reflash....sst is mentioned in uniflash so there is the possiblility that you try...(yes I know u won't) uniflash and if it fails you restore the bios with your winflash file |
Not that it helps right now but I'd like to remark OT that this thread could have gone much faster if you provided all specs upfront.
|
Quote:
I'm not quite sure where the confusion is coming from. If you mean the bricked board I mentioned, I already have another one and I am back in business. Really, I don't need another flasher. This thread is specifically dedicated to decompressing the BIOS image, and putting it back together once it is modified. The reason why it is done is because the code is scrambled by compression and cannot be modified directly in the image as it is. Kind of if you were to compress a picture into a common archive like .zip and tried editing the archive with a graphics editor. As I understand it, the BIOS extracts itself into RAM at boot time. |
http://www.paul.sladen.org/thinkpad-...d-pci-ids.html
this section called Get the the point! may excite you. even tho its talking about a diff hw...it says there is a global checksum. " In short, if you change a value upwards (add), then you need to subtract the same difference from the correctly aligned byte of the checksum." |
http://www.coreboot.org/Tyan_S2891_Build_Tutorial
ignore the fact its coreboot instead look at the use of cat to join separate bios roms together and look at the use of strings to search certain things. |
Quote:
PhoenixDeco(phnxdeco) throws this in the output: Code:
Filelength : 100D26 (1051942 bytes) But forget that, I have access to Hex Workshop. The ID for a compatible Intel card is 8086:4222/135B:103C, thats VEN:DEV/SUBSYS. So the value for VEN and DEV would be 86802242. There are 0 instances of those values in the image. To verify I searched for 8680 by itself, 21 instances, no DEV values after. There is no checksum in the format shown in that article either. HP did quite a number on this one eh? At this point you may question whether I have a Phoenix BIOS... I'm quite sure I do, in the corner of the splash screen at boot it shows the Phoenix Technologies logo. Just like this one: http://www.phoenix.com/PhoenixTPLT/i...ommon/logo.gif And PhoenixDeco shows the basic information about the image. Thanks for the continued assistance. PS This is a 6 month old BIOS, I'm going to see if I can find the oldest compatible BIOS out there to see if I can get something out of that. ...Actually I just did, earliest is May 10th 2006. Same result. PhoenixDeco can't do anything with it, no hex values of VEN&DEV found directly, no checksum string. I'm really stuck now. Right now I'm trying to find the PhoenixDeco(phnxdeco) project page to see if there is a newer source available. So far I find only Debian&Ubuntu package information. Still that might not bring any result even if it gives me the section locations and actually extracts it. I still have to have a way to put it back together. So I'm still stuck. ... I disabled the bootsplash and it shows that the BIOS is of Phoenix TrustedCore product line. No version or anything. |
http://hermann-uwe.de/debian
is the maintainer pkge is here http://packages.qa.debian.org/p/phnxdeco.html |
Quote:
Of course I know how to adapt the package. |
Quote:
If you still insist of customizing your BIOS code, I suggest use coreboot for better results from what I am reading. Of course check to make sure that coreboot supports your hardware and that you have spare BIOS chips. If the BIOS is soldered, you will have to get a soldering iron designed for SMT or sensitive devices. There are plenty of programing devices for all kinds of EEPROM, FLASH, PLD, GAL, and several other programmable chips. Just need a 40 pin TSOP/SOP clamp. |
Hello there. I think I can help you. Please try using phnxdeco from here:
ender.in/bios.tools/ (can't make it a link, my first post and forum disallows that) Or take the module with whitelist extracted by Phoenix BIOS editor. Modify it and use prepare.exe from Phoenix BIOS editor (if you don't have one, Intel's download center has a copy for you) to compress the module. You'll have to create rom.scr with following contents: COMPRESS LZINT BIOSCODE MYMODULE.ROM Then run prepare.exe rom.scr and it will create MYMODULE.MOD - the compressed version. Repeat this process for the _original_ (unchanged) module. Compare filesizes of original.mod and changed.mod - if they differ, find the whitelist again and modify some other card IDs until it compresses exactly the same. Then use phnxmod.exe from the linked page, or use some hexeditor to replace the module, and you should be done :) Or maybe not, chances are that the module containing whitelist has more than one "block", that it's scattered at more places of the original BIOS, and that will need some more work. Will hint that later, if needed. And if crisis BIOS recovery works for you (with normal BIOS, not the one "destroyed" by PBE), I'd like to ask if you could flash a BIOS modified by me, I still need to test the way of making module larger/smaller and my notebook does not support any way of BIOS recovery (ThinkPad...). |
...Where the ''problem'' is coming from
Quote:
NO manufacturer TODAY is going to tell you everything you might want to know about their bioses. They've gone with Phoenix' plan to make laptops really really really secure from theft of their DATA, even as the ''laptops'' themselves are getting smaller and lighter and easier to steal, physically. The password encryption routines are in there, obviously. They do not want you to: a) find them; b) unencrypt them; c) reverse engineer them. All the security that's possible hangs on the security of this mechanism. If you could crack it, so could virtually anybody else. Not gonna happen. Just look at all the posts about resetting bios passwords by ''removing ...battery'' or ''moving ... jumper''. Guys, they've been storing them in the keyboard controller for TEN YEARS already. If you don't understand trapping I/O on ports 70 & 71, you've got a LONG way to go! And, there's a bit somewhere, SOMEWHERE, saying 'password set' so flashing a new bios usually does nothing at all. If your are 16 and elite, that will hardly be an impediment. Old guys like me tend to be too linear and too literal. As in ''my, that's stupid!'. Yeah ... like a fox. So ... Think like a fox. There's a door someplace where they get the eggs out, and something where they put the food in. Not sure about the chickenshit. But things go in, things come out. Code can execute in the CPU, of course. But what about in a smart peripheral controller? Nothing stored anywhere to poke around in. Looks like just another register getting initialized. If you insist on working on the innards of the current crop of laptops, this is what you're up against. Me, for now anyway, I'm sticking with the older ones. Easier to hack. Bill |
All times are GMT -5. The time now is 08:18 AM. |